The triggers are read during apk_db_unpack_pkg(). If we delete the
triggers list after then unpack we delete the triggers which is not
what we want.

This fixes bug introduced in ce3cf8bf

got broken to the previous array cleanup and grepping struct
definition only from headers.

Instead of having a null pointer, use a dummy array which just
says the array is empty. This helps in multiple places of the code
which would otherwise need explicitly need to check first if the
array exists. This has been cause of multiple seg.faults in the
past as the array check is easily omitted.

This also removes (or fixes) all existing checks accordingly.

clean up the triggers properly, in proper order.

we do not create mirror repositories from other valid repositories,
not from what was installed locally.

add the missing variable.

otherwise regeneration of non-repository index might go wrong or we
might delete too many files from cache when doing 'cache clean'.

got broke few commits ago when apk_pkg_installed() call was
moved to happen after the package name has been read.

this is now mandatory after the overlay fixes. otherwise the
package will not get listed as installed.

turns out the logic does not work with overlays as expected due
to busybox symlinks being unmanaged. remove the useless option.

appears this is possible, so support it.

lookup proper directory instance as the tar output might not be
linear.

get list of overlay files from stdin, so those do not get overwritten.

less syscalls.

do not overwrite target if we have --never-overwrite and target exists.

ref #197

the old code treated a symlink to directory as file; it tried
to calculate regular has of it. fix this by: 1) using no follow
on migration and pruning stats, and 2) the helper function to
check if it's point to directory and not calculate hash in that
case. fixes #188.

ability embed description information to repository indexes
(e.g. repository name and version) and show it via "apk version -I".

check device major if it's tmpfs and refuse to use cache if
we've been fooled.

the first item is place holder for argv[0] = script name. it's
overwritten by the apk_pkgi_run_script.

- make virtual packages work again
- make apk del (for non-empty packages) work again

this makes the database package entry smaller, and we propbably
get more fields to installed_package later too. this cleans up
the way scripts are stored and is a preparation for supporting
triggers. some parsing for trigger meta-data. ref #45.

also have the output stream support writing to temporary file
and do renameat/unlinkat on close depending on if all writes
succeeded or not.

and take checksums for symlinks too.

otherwise, non repository files present in cache are not
considered for installation (e.g. when booting from cdrom).

fixes #127

some hooks to package verification code were missing causing the
verification to not be done (causing pre-script to be not run).
fixes #124, #126.

instead enforce world dependencies when the package name
is first referenced upon.

this helps boots sequence when network is not available.

so user can override trusted keys directory and repositories file.

it's a warning not an error to have non-existant repository.
bad signature means tampering; but we might want to just ignore
those. this is especially important if we have http repositories
and we are bootstrapping (without network).